Unexpected news spread this week as Ukrainian officials weigh next steps in their digital campaigns against Russia, because it Their efforts so far have been successful beyond expectations, if sometimes controversial. Overall, Russia is suffering from cyber attacks of all kinds at a scale beyond anything the country has handled before.
Meanwhile, new research indicates that a small group of North Koreans have taught themselves how to jailbreaking smartphones in an attempt to bypass the mode’s extensive digital restrictions and access prohibited vehicles.
Elon Musk’s bid this week to buy Twitter has highlighted a bunch of potential privacy and security concerns for users of the platform. The The US faces a significant increase in child sex abuse websites in 2021 as CSAM hosting continues to grow significantly around the world. Hollywood’s battle against VPNs has gotten hotter as the entertainment industry expands on allegations of illegal activity triggered by the services. And Cloudflare recorded a Historic DDoS attack bombarded crypto platform with 15.3 million requests.
If you feel like doing something for your own safety or that of your business this weekend, we have sum up all the most important key vulnerabilities from April which you can patch now.
And much more than that. We’ve rounded up all the news that we didn’t publish or cover in depth this week. Click on the title to read the full story. And it’s safe out there.
Office of the Director of National Intelligence released annually transparency report on Friday, found that the FBI made 3.4 million unsecured searches of Americans’ data in 2021, including 1.9 million searches related to a Russian cyberattack. This is the first time ODNI has released a number of FBI searches using the Foreign Intelligence Surveillance Act of 1978, or FISA. The law is intended to allow investigative capabilities related to foreign threats, but it does allow some accidental domestic searches in the process. FISA’s operations are often criticized for not being transparent.
In an in-depth analysis, Reuters looks at eight incidents around the country in which activists supporting former President Donald Trump attempted to breach or successfully hack the local voting system as part of of the quest to find evidence of manipulation in the 2020 US presidential election. In most cases, activists convinced local election officials, all Republicans, to export and leak ballot data. In the year and a half since Joe Biden became president, Trump loyalists have continued to falsely assert that voting machines across America were compromised to create a Biden victory.
“These threats are being fueled by radical elected officials and political insiders who are spreading the Big Lie” – i.e. the 2020 vote has been stolen -” to further suppress the vote, destabilize the US election and undermine voter confidence,” Colorado Secretary of State Jena Griswold told Reuters in a statement.
In a report on Wednesday, Microsoft said it found evidence that Russia began setting the stage for its invasion of Ukraine as early as March or April 2021. During that time, hackers Russia’s state-backed government has begun setting up access points in the Ukrainian government and critical infrastructure. researchers found. The attackers appear to be gathering intelligence on the Ukrainian military, NATO member states, and diplomatic targets. In the report, Microsoft called Russia’s aggression against Ukraine a “hybrid war” and said Russia’s cyberattacks were “relentless and destructive.”
Microsoft reports that in early 2021, when Russian troops began to gather on the border of Ukraine, a Russian hacking group called APT 29, Cozy Bear, and Nobelium began carrying out phishing attacks to establish permissions. access. Microsoft says a Russian hacking group called Ghostwriter is also active at this time, targeting Ukrainian military email accounts and networks with phishing attacks.
Internal Facebook document prepared last year and collected by Motherboard raised concerns from privacy engineers in the social network’s Advertising and Business Products team about the company’s ability to access data without they hold and track the data as it moves through the service. The revelations aren’t necessarily surprising, given Facebook’s sheer size and frequent data control issues, but they make a lot of sense as the tech giant works to comply with more and more laws. privacy legislation around the world.
“We do not have a sufficient level of control and accountability over how our systems use data, and therefore we cannot confidently make controlled policy changes or commitments. external links, such as ‘we will not use X data for Y purposes.’ However, this is exactly what regulators expect us to do, increasing the risk of mistakes and misrepresentations,” the document says.
A company spokesperson told Motherboard that the document “does not describe our extensive procedures and controls for compliance with privacy regulations” and that “this document reflects our technical solutions.” The technique we’re building is to extend the existing measures we have in place to manage data and meet obligations. ”
Hackers breached the Instagram account of the Bored Ape Yacht Club of the NFT collection on Monday, posting a link to a replica website that scams visitors away from the NFT. The company said in a statement to WIRED that “Roughly estimated losses due to the scam are 4 Bored Apes, 6 Mutant Apes and 3 BAKC, as well as other NFTs estimated at a total value of ~3 million USD.” dollars.” NFT scams and other crypto scams in which attackers publish a malicious or misleading link to steal funds are not new. However, the BAYC situation is particularly worrisome as the company says it has full two-factor authentication enabled on its Instagram account and that “the security practices around the IG account have been very tight.” The team is investigating how the Instagram takeover came about.
Stories with WIRED are more amazing
